If you have a large environment you may need to add -t 0 to disable an LDAP timeout.

This could also be done by specifying the domain, or even a container within a given domain, via the -b switch, such as -b dc=testvn,dc=testvg,dc=loc, instead of -default (which is a shortcut or alias for “look up the default domain DN and use it”), or by specifying a specific domain name via the host switch, such as -h testvn.testvg.loc.

Note that primary group membership is maintained in a different manner and will not be reported this way. See primaryGroupID attribute on a user object for this info.

If you need this information for an entire forest, you can use a for /f loop to execute a command similar to the one above for every domain.
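
To illustrate the primary group note above, here is an added example (not joeware code and not AdFind output) that folds primaryGroupID back into a group's member list. It relies on the fact that a primary group's SID is the user's domain SID with primaryGroupID as the final RID. The SIDs, the RIDs, the Helpdesk group and the function names are constructed for the example; only the base DN comes from the post.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid, as LDAP returns it, into S-1-... form."""
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")               # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:8 + 4 * count])  # little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def primary_group_sid(user_sid: str, primary_group_id: int) -> str:
    """The primary group's SID is the user's domain SID plus primaryGroupID as the RID."""
    return f"{user_sid.rsplit('-', 1)[0]}-{primary_group_id}"

def effective_members(group: dict, users: list) -> set:
    """Members listed on the group plus users who hold it as their primary group."""
    implicit = {u["dn"] for u in users
                if primary_group_sid(u["objectSid"], u["primaryGroupID"]) == group["objectSid"]}
    return set(group["member"]) | implicit

# Constructed sample data (not real directory output).
BASE = "dc=testvn,dc=testvg,dc=loc"
DOMAIN = (21, 1004336348, 1177238915, 682003330)

def raw_sid(rid: int) -> bytes:
    """Build a binary SID in the constructed sample domain for the given RID."""
    return bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack("<5I", *DOMAIN, rid)

USERS = [
    {"dn": f"CN=alice,CN=Users,{BASE}", "objectSid": sid_to_str(raw_sid(1105)),
     "primaryGroupID": 513},   # 513 = Domain Users, the usual default
    {"dn": f"CN=bob,CN=Users,{BASE}", "objectSid": sid_to_str(raw_sid(1106)),
     "primaryGroupID": 1201},  # primary group changed to the sample group
]
HELPDESK = {"dn": f"CN=Helpdesk,CN=Users,{BASE}", "objectSid": sid_to_str(raw_sid(1201)),
            "member": [f"CN=alice,CN=Users,{BASE}"]}

if __name__ == "__main__":
    for dn in sorted(effective_members(HELPDESK, USERS)):
        print(dn)
```

In the sample, bob never appears in the group's member attribute, so a membership report built only from member or memberOf would omit him.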

9/20/2016

Back in July, the web was afloat with rumors that Microsoft might be open sourcing PowerShell. Now a little over a month later, those rumors have been confirmed, and PowerShell has officially appeared on GitHub for Windows, Linux and MacOS.

8/2/2016

I am looking at what needs to be updated for AdFind/AdMod for Windows Server 2016 Active Directory and ADLDS. Is anyone actively using the beta and using AdFind/AdMod against it? Thoughts, comments, questions?

It seems I have been having a generally bad attitude about Windows 10 and Windows Server 2016 TP5 lately (especially the Start Menu) so I sat down and thought for a while… what do I really like about Windows 10/Windows Server 2016 TP5?

There has to be something that sticks out to me because it can’t all be painful and/or bad… I realized that my favorite part is the ability to finally be able to set the transparency level on the CMD and PowerShell console windows.

There used to be an application that would do that for you for the CMD console but it was kind of clunky especially when typing fast or the screen was scrolling fast. Glad to have it built in now. That was a feature I fell in love with on FreeBSD ages ago.

8/1/2016

Every year I have to submit my "accomplishments" from the prior year to see if I still "rate" as a Microsoft MVP. This is the first year since becoming an MVP in 2001[1] that I have been pinged to be more specific about what makes me valuable enough to be an MVP. I think that could mean that I am on the edge or perhaps over the edge and on my way out. We shall see as the next award cycle when I learn every year if I am still good enough is Oct 1.

I really enjoy being associated with the MVP program. It was always good being able to evangelize and share my voice as a person a lot of folks know as a true honest voice with serious technical chops being able to see behind the curtains at Microsoft a little and assure people that they are good people and trying to help. Also being able to provide feedback internally with minimal hoop jumping has always been a great thing as well. I can no longer recall how many bug fixes and documentation fixes I have submitted over the years mostly all of which started after I became an MVP and started to feel some small sense of ownership over what they published and a sense of "I want this to be right because my name is associated with these folks".

I hope I get awarded again, but if the Directory Services Product Group no longer feels I am a valuable external real world deep tech expert that is entirely their decision to make and I appreciate the time we have had together. 🙂

joe

[1] Funny story. When I was first awarded the MVP I didn’t know what it was and I refused it. The guys running the program at MSFT had to call me and talk me into accepting it. I was quite busy at the time ripping Microsoft to shreds in the newsgroups and other forums for doing stupid shit while I was simultaneously helping people protect themselves from the stupid shit. I refused because I thought they wanted to bring me in to get some level of control over me and what I posted. They assured me that wasn’t the case so after a few weeks I accepted and have been quite happy since being associated with the program. However I do realize that little by little over time I started to worry more about the NDA and what they could say I learned via NDA sources versus on my own and was less and less likely to post the dark underside and badness because NDAs are serious shit and I didn’t want to have to debate with them what I figured out on my own versus what I didn’t learn from NDA. Realistically I haven’t learned a whole lot from the NDA conversations, if anything it has been more useful so I could better respond to deeper more direct questions their folks have had of me.

2/25/2016

It is with great sadness that I share with the joeware community that Mike Kline passed away on February 24th.

Mike was a great guy. He worked for Microsoft as a Premier Field Engineer, was a DS MVP like myself for years prior to working for Microsoft, a very strong proponent and long time evangelist of the joeware site and tools, and although I never had the opportunity to meet him face to face – a friend.

I have no details on what happened (whether sick or accident or ??) but I wanted to take a moment to share this sad news for those who may have known him or had enjoyed his comments, blog postings, etc.

Mike will definitely be missed. My thoughts go out to his family for this loss.

1/4/2016

As far as I can tell, what happens at these companies is that they started by concentrating almost totally on product growth. That’s completely and totally reasonable, because companies are worth approximately zero when they’re founded; they don’t bother with things that protect them from losses, like good ops practices or actually having security, because there’s nothing to lose (well, except for user data when the inevitable security breach happens, and if you talk to security folks at unicorns you’ll know that these happen).

The result is a culture where people are hyper-focused on growth and ignore risk. That culture tends to stick even after the company has grown to be worth well over a billion dollars, and the companies have something to lose. Anyone who comes into one of these companies from Google, Amazon, or another place with solid ops practices is shocked. Often, they try to fix things, and then leave when they can’t make a dent.

…

Google didn’t go from adding z to the end of names to having the world’s best security because someone gave a rousing speech or wrote a convincing essay. They did it after getting embarrassed a few times, which gave people who wanted to do things “right” the leverage to fix fundamental process issues. It’s the same story at almost every company I know of that has good practices. Microsoft was a joke in the security world for years, until multiple disastrously bad exploits forced them to get serious about security. Which makes it sound simple: but if you talk to people who were there at the time, the change was brutal. Despite a mandate from the top, there was vicious political pushback from people whose position was that the company got to where it was in 2003 without wasting time on practices like security. Why change what’s worked?

…

The data are clear that humans are really bad at taking the time to do things that are well understood to incontrovertibly reduce the risk of rare but catastrophic events. We will rationalize that taking shortcuts is the right, reasonable thing to do. There’s a term for this: the normalization of deviance. It’s well studied in a number of other contexts including healthcare, aviation, mechanical engineering, aerospace engineering, and civil engineering, but we don’t see it discussed in the context of software. In fact, I’ve never seen the term used in the context of software.